<?php
session_start();
include "config.php";


if($_GET['a'] == "get_authors"){
	$authors = array();
	$sel = mysql_query("select distinct u.user_name from filebin_users u left join filebin_files f on f.uid=u.id where f.album like '%".$loc->db_cmp($_GET['album'])."%' and u.user_name like '%".$loc->db_cmp($_GET['q'])."%' order by u.user_name asc");
	while($res = mysql_fetch_array($sel)){
		$authors[] = $loc->db_out($res['user_name']);
	}

	$output = implode("\n" , $authors);
	echo $output;

}


if($_GET['a'] == "get_albums"){
	$albums = array();
	$sel = mysql_query("select distinct f.album from filebin_files f left join filebin_users u on u.id=f.uid where u.user_name like '%".$loc->db_cmp($_GET['author'])."%' and f.album like '%".$loc->db_cmp($_GET['q'])."%' order by f.album asc");
	while($res = mysql_fetch_array($sel)){
		$albums[] = $loc->db_out($res['album']);
	}
	
	
	$output = implode("\n" , $albums);
	
	echo $output;
}


if($_GET['a'] == "remove_file"){
	//echo $_SESSION['uid'];
	//Get credentials
	$sel = mysql_query("select u.user_name as userName, u.pass_word as passWord from filebin_users as u left join filebin_files as f on f.uid=u.id where f.filecode='".$loc->db_cmp($_GET['filecode'])."' and f.uid='".$_SESSION['uid']."' and u.id='".$_SESSION['uid']."'");
	$res = mysql_fetch_array($sel);
	//echo mysql_error();
	
	$url = WEB_ROOT . "remove_file.php?username=".$loc->db_out($res['userName'])."&password=".$loc->db_out($res['passWord'])."&filecode=".$loc->db_out($_GET['filecode'])."&transferKEY=".TRANSFER_KEY;
	
	$url = str_replace(" " , "%20" , $url);
	//echo $url;

	$fp = fopen($url , "r");
	$resp = fread($fp , 1024);
	fclose($fp);

	echo $resp;
}



if($_GET['a'] == "vote"){
	$thisIP = $_SERVER['REMOTE_ADDR'];
	$hoursMin = 24;
	$minTime = (time()-($hoursMin*60*60));
	//$minTime = (time()-1);
	$filecode = $loc->db_out($_GET['filecode']);

	$selEx = mysql_query("select id from filebin_votes where ip='".$thisIP."' and date >= '".$minTime."' and filecode = '".$filecode."' order by date desc");
	$resEx = mysql_fetch_array($selEx);
	if(!$resEx['id']){
		mysql_query("insert into filebin_votes (ip,filecode,date) values ('".$thisIP."','".$filecode."','".time()."')");
		if($_GET['direction'] == "up"){
			mysql_query("update filebin_files set rating = rating + 1, total_rates = total_rates+1 where filecode='".$filecode."'");
		}else{
			mysql_query("update filebin_files set rating = rating - 1, total_rates = total_rates+1 where filecode='".$filecode."'");
		}
		echo "Your vote has been placed succesfully ! Thank you !";
	}else{
		echo "You have already voted for this file at: ".date("F d Y - H:i:s");
	}

}

?>